General

  • Target

    b5ffd4ecdf7f1d4eb5f13a7207c5e4a5.exe

  • Size

    1.1MB

  • Sample

    201109-yv12rnxz9a

  • MD5

    b5ffd4ecdf7f1d4eb5f13a7207c5e4a5

  • SHA1

    145b3ed98ffe2ca15172dcabf52a76ecd33bd657

  • SHA256

    615b9395be665d265953e69924b4df1808eda0fd40381d6d469bf4c362590125

  • SHA512

    8e918bc2304f7e761736d2c03494bf278c854fdfb30ec7d7459fd1cfbcdd88c279396d55d0d8954389d742d6e3f46b99bb93dbce3137c26d1ca95e3ee8c93ea3
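Before doing anything with this sample, confirm that the local copy is the file the report describes. The script below is an added example, not part of the sandbox report: it embeds the four digests listed above and compares a file against them in one streaming pass, so a large sample is never read into memory whole. Function names and the empty/"abc" test inputs are illustrative.

```python
"""Check a local copy of the sample against the digests in the report above.

Added example; this is not part of the sandbox report. The four expected
digests are copied from the report's "General" section; function names and
the test inputs are illustrative.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Mapping

# Digests exactly as listed in the report.
REPORTED: Dict[str, str] = {
    "md5": "b5ffd4ecdf7f1d4eb5f13a7207c5e4a5",
    "sha1": "145b3ed98ffe2ca15172dcabf52a76ecd33bd657",
    "sha256": "615b9395be665d265953e69924b4df1808eda0fd40381d6d469bf4c362590125",
    "sha512": "8e918bc2304f7e761736d2c03494bf278c854fdfb30ec7d7459fd1cfbcdd88c279396d55d0d8954389d742d6e3f46b99bb93dbce3137c26d1ca95e3ee8c93ea3",
}


def digest_stream(fh: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Feed a single pass over the data into all four hashers at once."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """In-memory convenience wrapper; exercises the same code path as digest_stream."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    """Hash a file on disk without loading it whole."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def mismatches(actual: Mapping[str, str],
               expected: Mapping[str, str] = REPORTED) -> Dict[str, str]:
    """Return {algorithm: actual_digest} for every digest that differs from the report.

    Comparison is case-insensitive because tools print hex in either case.
    An algorithm missing from `actual` is reported as a mismatch, not a pass.
    """
    return {
        name: actual.get(name, "<missing>")
        for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    }


def verify_file(path: str, expected: Mapping[str, str] = REPORTED) -> bool:
    """True only if every reported digest matches; prints the offending ones otherwise."""
    bad = mismatches(digest_file(path), expected)
    for name, got in bad.items():
        print(f"{name}: got {got}, report says {expected[name]}")
    return not bad


if __name__ == "__main__":
    import sys
    sys.exit(0 if verify_file(sys.argv[1]) else 1)
```

Run it as `python verify.py b5ffd4ecdf7f1d4eb5f13a7207c5e4a5.exe`; a non-zero exit means at least one digest differs, and all four are checked rather than stopping at MD5, since MD5 alone is not collision-resistant.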

Targets

    • Buer

      Buer is a modular loader first seen in August 2019.

    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key, whose Shell and Userinit values Windows launches at every logon; a program added there runs again after reboot without a separate autostart entry.

    • Buer Loader

      Detects the Buer loader in memory or on disk.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Deletes itself

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
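The "Modifies WinLogon for persistence" signature refers to writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (or the per-user copy under HKU), whose Shell and Userinit values Windows launches at logon (ATT&CK T1547.004). The detection below is an added example, not part of the report and not a record of what this particular sample wrote: it runs over constructed records shaped like Sysmon Event ID 13 (registry value set) entries and flags any program appended to those values beyond the stock explorer.exe and userinit.exe entries, treating any write to the legacy Notify\<name>\DllName as suspect. Process paths, SIDs and file names in the sample records are made up.

```python
"""Flag Winlogon registry writes that would relaunch a dropped file at logon.

Added example, not part of the sandbox report, and not a description of what
this sample wrote. Records are constructed in the shape of a Sysmon Event ID 13
(RegistryEvent: value set) entry: writing process image, TargetObject path
(key plus value name) and the new Details. Paths, SIDs and names are made up.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Winlogon values Windows consults at logon (ATT&CK T1547.004). Notify packages
# (Winlogon\Notify\<name>\DllName) are a legacy mechanism, so any write is flagged.
WINLOGON_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\"
    r"(?P<value>Shell|Userinit|Notify\\[^\\]+\\DllName)$",
    re.IGNORECASE,
)

# Stock values; anything beyond these in the comma-separated list is an extra autostart.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}


@dataclass(frozen=True)
class RegistrySetEvent:
    image: str          # process that performed the write
    target_object: str  # full registry path including the value name
    details: str        # data written


@dataclass(frozen=True)
class Finding:
    value: str               # Shell, Userinit or Notify\<name>\DllName
    added: Tuple[str, ...]   # entries not present in the stock value
    image: str
    target_object: str


def _entries(details: str) -> List[str]:
    """Split Shell/Userinit data into normalised program entries.

    Userinit's stock value ends with a trailing comma, so empty parts are dropped.
    %SystemRoot% is assumed to expand to C:\\Windows (assumption for comparison only).
    """
    out = []
    for part in details.split(","):
        p = part.strip().strip('"').lower().replace("%systemroot%", r"c:\windows")
        if p:
            out.append(p)
    return out


def winlogon_findings(events: Iterable[RegistrySetEvent]) -> List[Finding]:
    """One Finding per event that adds a non-stock program to a Winlogon autostart value."""
    findings: List[Finding] = []
    for ev in events:
        m = WINLOGON_RE.search(ev.target_object)
        if not m:
            continue  # other keys (Run, services, ...) are out of scope for this signature
        value = m.group("value")
        kind = value.split("\\")[0].lower()
        if kind == "notify":
            added: Tuple[str, ...] = (ev.details.strip().lower(),)
        else:
            added = tuple(e for e in _entries(ev.details) if e not in EXPECTED[kind])
        if added:
            findings.append(Finding(value, added, ev.image, ev.target_object))
    return findings


# Constructed events: one benign default write, three persistence writes, one unrelated key.
SAMPLE_EVENTS = [
    RegistrySetEvent(r"C:\Windows\explorer.exe",
                     r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
                     r"explorer.exe"),
    RegistrySetEvent(r"C:\Users\Public\update.exe",
                     r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
                     r"explorer.exe, C:\Users\Public\update.exe"),
    RegistrySetEvent(r"C:\Users\Public\update.exe",
                     r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
                     r"C:\Windows\system32\userinit.exe,C:\ProgramData\svc\loader.exe,"),
    RegistrySetEvent(r"C:\Users\Public\update.exe",
                     r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\svc\DllName",
                     r"C:\ProgramData\svc\hook.dll"),
    RegistrySetEvent(r"C:\Users\Public\update.exe",
                     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc",
                     r"C:\ProgramData\svc\loader.exe"),
]

if __name__ == "__main__":
    for f in winlogon_findings(SAMPLE_EVENTS):
        print(f"{f.image} set {f.target_object} -> added {', '.join(f.added)}")
```

The comparison is against the stock values rather than "any write", because installers and imaging tools do rewrite Userinit with its default; the trailing comma and %SystemRoot% handling keep those from producing noise. The Run-key write in the last record is deliberately ignored here: it is a different persistence technique and belongs to a different rule.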
